We help IT Professionals succeed at work.

Active Directory Users

Christobal Padilla
Christobal Padilla used Ask the Experts™
Newbie Question:

I just inserted my first server to an existing AD domain.  Do the users appear on the local server automatically or all rights are handed out on the AD Domain level where the user objects are?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®

If the new server is only a Domain Member any domain users will be queried by that server to the Domain Controller(s)
Adam BrownSenior Systems Admin
Top Expert 2010

Active Directory doesn't place users on a computer when you add it to the domain. It stores them centrally. User Rights are handled through Group Policy by the Domain Controller, depending on how you set it up. You will, however, need to modify the local groups on the server to specify local admins on the server. By default, Active Directory adds the Domain Admins group to the Local Admins group, so if you want to do administrative tasks you can log on with domain\administrator.
Run dcpromo.exe on your new server if you want it to also be a Domain Controller, then follow the instructions to activate the Active Directory Domain Services role. Rember to run adprep on your existing 2003 Domain Controller. You can also change the FSMO roles to the 2008 server.

Do a search on dcpromo and 2008 server for lots of assistance if that is the direction you are headed.
Top Expert 2012
All authentication and access to domain resources come from your AD environment. You would need to add permissions to folders and files from your Domain which will restrict and give access to the files by Domain authentication.

AD allows to manage all users from one location so there is no need to download the users to each computer.

Server 2008 is a big beast but if it is partaking in AD and is part of a domain you need to do a lot of reading to get a handle it all. A good place to start may be below, good luck and enjoy but be careful if this is a work environment....


The server will keep all its local users & groups. No new ones will be added from the domain. If you make it a DC then the local users & groups will be removed.

All rights / permissions / settings will be set on that server depending on what GPO/scripts are applied to it by the domain & what user logs on to it.
Use Chily Active Directory Management and Reporting for the ease of users management in Active Directory - http://www.chilysoftware.com/active-directory-management-and-reporting.html